“As the events of 2014 demonstrated, there is no such thing as perfect security,” said Kevin Mandia, SVP and COO, FireEye. “Based on the incidents that Mandiant investigated in 2014, threat actors have continued to evolve, up their game, and utilize new tools and tactics to compromise organizations, steal data and cover their tracks.”

Some of the report’s key findings include:

The time it takes organizations to discover compromises continues to drop. The median number of days attackers were present on a victim’s network before being discovered dropped to 205 days in 2014 from 229 in 2013 and 243 in 2012; however, breaches can go undetected for years. In an extreme case, one organization that Mandiant responded to in 2014 had unknowingly been breached for over eight years.

It is becoming more and more difficult for organizations to detect breaches on their own. In 2014, only 31% of organizations discovered they were breached via their own resources – down from 33% in 2013 and 37% in 2012.

A common thread in major retail breaches last year. Mandiant’s investigations of attacks on retailers in 2014 revealed a common security weakness across many of them: retailers thought their virtual application servers were sufficiently secured but did not implement two-factor authentication, allowing a single stolen user credential to make their entire networks vulnerable.

Impersonating the IT department has become an even more popular tactic among threat actors. Phishing emails posing as the IT department comprised 78% of the phishing schemes we observed in 2014, versus just 44% in 2013.

A rise in e-commerce attacks in countries that utilize the chip-and-pin (EMV) security technology for credit cards. We responded to more compromises of e-commerce companies and payment processors in countries that use chip-and-pin than we have in the past, suggesting increasing threats for e-commerce businesses in the U.S. as the nation begins to adopt the technology.

Attackers are becoming smarter about hiding in the most complex parts of the operating system. Just as attackers are getting smarter about accessing the most complex parts of hardware, Mandiant saw more of them utilize several complex tactics, including using Windows Management Instrumentation to avoid detection and carry out broad commands on a system.